Cross-Chain Solvers: A Position Paper

The forcing function

The cross-chain user experience is moving from “choose a bridge, choose a DEX, wait, then complete the trade” to state the outcome and let a solver compete to deliver it. The user signs an intent or creates an order; the solver decides whether the route is profitable and safe; the protocol enforces settlement.

This compresses UX and gives applications chain abstraction, but it also moves risk into solver infrastructure. Solvers need hot inventory, fast signatures, API credentials, bridge attestations, and settlement permissions spread across many chains. Their competitive advantage depends on speed, but their downside comes from letting the wrong transaction move inventory.

The loss pattern

The main risk for production solvers is not abstract bridge risk. It is inventory controlled by keys that must stay online enough to quote, fill, claim, withdraw, and rebalance. The broader crypto market shows how expensive that key-management layer can become when it fails.

$2.2B

stolen in 2024

Chainalysis estimated $2.2B stolen from crypto platforms in 2024 across 303 incidents; TRM’s independent 2024 hack deep dive reports the same headline total.^[10]^[11]

44–70%

tied to private keys

Chainalysis attributed 43.8% of stolen 2024 value to private-key compromises; TRM attributed nearly 70% to infrastructure attacks, primarily private-key and seed-phrase compromises.^[10]^[11]

~$1.0–1.5B

2024 private-key loss range

Applied to the $2.2B 2024 total, those two estimates imply roughly $964M to $1.54B of 2024 losses from private-key / seed-phrase style compromise.^[10]^[11]

$1.5B

Bybit 2025 exploit

TRM describes the February 2025 Bybit theft as approximately $1.5B in ETH tokens, with at least $160M moved through illicit channels within 48 hours and over $400M moved by February 26.^[12]

A solver is not an exchange, but the failure mode rhymes: once a hot key can move valuable inventory, compromise turns directly into loss. For solver networks, the practical question is whether inventory-moving authority can be online enough to compete while still being constrained enough that a compromised bot cannot empty the vault.

The solver role

The same word, “solver,” covers several different business and technical roles. A useful taxonomy starts with how the actor gets selected and how it is repaid.

Category	Technique	Control question
Fast-fill solver networksAcross, deBridge DLN, Wormhole Settlement, Squid Coral, Relay.link	A filler fronts destination-chain value and later claims, unlocks, or settles against source-chain value.	Where is destination inventory held, and which keys can move it before repayment is final?
Dutch-auction resolversUniswapX, 1inch Fusion+	A signed order decays in price; resolvers choose when to fill and compete on timing, price, and inventory.	Which checks happen before quoting, before filling, and before escrow settlement?
Batch-auction solversCoW Protocol	Solvers compete to produce the best aggregate settlement for a batch of intents.	Who constructs settlement calldata, who signs it, and how are hooks or external venues constrained?
RFQ market makersHashflow, Bebop, 0x-style professional maker flows	Professional makers issue firm, short-lived quotes against private inventory.	How are quote-signing keys, inventory thresholds, and stale-price failures controlled?
Aggregators and chain-abstraction routersLI.FI, Socket/Bungee, Squid, Enso	The product selects routes across bridges, DEXs, intent protocols, and executors.	Does the system only return calldata, or does it operate relayers, executors, gas sponsors, or refund paths?
Settlement and messaging railsLayerZero, Axelar, Wormhole, Hyperlane, Chainlink CCIP, Circle CCTP, Stargate	Infrastructure that solvers use for messages, canonical transfers, attestations, and rebalancing.	Which relayers, executors, attestations, or finality assumptions gate downstream solver actions?

Execution models

Across Dutch auctions, RFQ, batch auctions, and fast-fill networks, the operational lifecycle repeats: take an order, select a solver, execute on the destination, claim on the source, then rebalance for the next trade.

Order intakeSource chain

User signs an intent, places an RFQ, deposits into escrow, or submits a bridgeable route.

Solver selectionOff-chain

A resolver, filler, maker, or route executor wins on price, speed, exclusivity, or auction rules.

Destination executionDestination◆ solver signs

The solver fronts funds, swaps, or executes a call — its first inventory-moving signature.

Claim & settlementSource chain◆ solver signs

The solver proves the source order and unlocks, claims, or nets repayment.

RebalancingCross-chain◆ solver signs

Inventory is moved across chains and venues to prepare for the next fill.

Figure 1 — The cross-chain intent lifecycle. Phases 3–5 are where a solver’s keys move inventory — and where a compromised signer turns into a loss.

ERC-7683 is an important step toward standard cross-chain intent order formats, with Across and Socket among the teams pushing explicit support.^[1]^[8]^[9] But today, many production systems still use project-specific escrow formats, RFQ payloads, API routes, or settlement contracts.

The ecosystem

The solver ecosystem is not a single market. It is a stack of relayers, resolvers, RFQ makers, routers, settlement systems, canonical transfer rails, and clearing layers. Some teams operate inventory directly; others coordinate execution or reduce settlement friction.

Project	Category	Role in the solver stack
Across	Fast-fill relayer network	Relayers fill users on the destination chain and are repaid through optimistic settlement bundles.
deBridge DLN	0-TVL cross-chain order network	Takers fulfill destination orders and later claim or unlock source-side value.
Wormhole Settlement / Mayan	Settlement and solver ecosystem	Solvers compete around Wormhole attestations, CCTP, and fast auction flows.
1inch Fusion+	Cross-chain Dutch-auction resolver network	Resolvers coordinate source and destination escrows using hashlock and timelock-style mechanics.
Squid Coral	Intent swaps over Axelar	Solvers quote and fill intent swaps while Axelar provides cross-chain transport.
Relay.link	Managed fast bridging and execution API	Relay and liquidity providers deliver fast destination execution and rebalance behind the API.
UniswapX	Dutch-auction filler system	Fillers compete to execute signed orders through reactor contracts; cross-chain variants extend the model.
CoW Protocol	Batch-auction solver network	Solvers compete to produce aggregate settlements across user intents and liquidity venues.
LI.FI	Aggregator and intent router	Routes across bridges, DEX aggregators, intent protocols, and status/execution APIs.
Socket / Bungee	Chain-abstraction orchestration	Coordinates route execution, transmitters, and EIP-7683-compatible order surfaces.
Hashflow / Bebop	RFQ market-maker networks	Professional makers quote firm prices against private inventory across supported chains.
Everclear	Clearing and netting layer	Nets cross-chain obligations to reduce solver rebalancing cost and settlement friction.

Operational fault lines

The state of solvers is defined as much by operational constraints as by protocol design. The same fault lines appear across otherwise different systems.

Inventory custody. Funds often sit in EOAs, smart accounts, vault contracts, protocol balances, or venue accounts. The critical question is not only where funds sit, but what runtime conditions are required before they can move.
Order reconstruction. Before a fill, claim, or rebalance, a solver must reconstruct source-chain events, bridge attestations, quote IDs, deadlines, recipients, token amounts, and replay constraints.
Latency budget. A 100 ms quote path cannot carry the same checks as a settlement, withdrawal, or rebalance path. Controls have to be placed at the right phase of the lifecycle.
Participation model. “Solver” can mean permissionless filler, allowlisted resolver, private RFQ maker, bonded relayer, internal executor, or infrastructure node. Each carries different trust and operational assumptions.
Standards compatibility. ERC-7683 is creating a shared cross-chain intent language, but production systems still use many protocol-specific order formats and API payloads.

Verifiable control

The control problem is not unique to any one protocol. A solver needs a way to move quickly without turning every hot wallet, executor, or quote signer into an unconstrained source of loss. The emerging answer is programmable, attestable signing for solver inventory and execution authority: sensitive actions can move behind code-enforced policy while strategy remains fast.

◆Policy-gated inventory. Solver inventory can sit behind a vault or signing flow that releases funds only when code verifies the order, route, amount, deadline, profitability, and risk limits.
◆Attested execution. Authorization logic can run inside TEEs and produce evidence that a specific policy approved or denied a fill, claim, withdrawal, or rebalance.
◆Cross-chain source verification. Source-chain state, bridge attestations, VAAs, CCTP messages, or settlement roots can be checked before a downstream action is signed.
◆Role separation. Quote generation, strategy, execution, withdrawal, and emergency permissions can be separated so no single bot or operator has unilateral inventory authority.
◆Phase-aware controls. The controls used for quoting, filling, claiming, and rebalancing can differ according to each phase’s latency budget and risk profile.

Lit is one implementation of this pattern. A Lit Action can run the policy check; Lit’s TEE-backed signing path can authorize the transaction only if the policy passes; and the solver can keep a record of what code and context approved the action.^[13]^[14]

Fast path

Solver strategy & botsHot keys, API credentials, quote signers — competing on speed.

→

Policy gate · Lit Action in a TEE

Before any inventory move, verify:

◆ order, route, amount, deadline
◆ per-token / per-chain / per-window limits
◆ source of truth — deposits, VAAs, CCTP, replay state

pass → signfail → no signature

→

Protected

Solver inventoryVaults & balances across chains — move only on a verified signature.

Figure 2 — A policy gate in front of inventory-moving signatures. Strategy stays fast; the signature is withheld unless code verifies the order, route, limits, and chain facts.

Hot-wallet drain prevention. A solver vault can require a Lit Action policy before inventory moves. If a bot server, API key, or ordinary operator credential is compromised, the attacker still cannot drain funds unless the order, route, limits, and chain facts satisfy policy.
Blast-radius limits. Policies can enforce per-token, per-chain, per-counterparty, per-route, and time-window limits so a single failure cannot become an unlimited cross-chain inventory drain.
Source-of-truth checks. Before signing a fill, claim, withdrawal, or rebalance, a Lit Action can reconstruct source-chain deposits, bridge attestations, CCTP messages, VAAs, deadlines, recipients, and replay state.
Phase-specific controls. Low-latency quote paths can stay fast, while higher-risk phases — destination release, claim, withdrawal, and rebalance — use stricter checks and attested approvals.
Emergency response. A policy can include kill switches, circuit breakers, allowlist changes, or governance-gated upgrades without handing a single hot key the power to move every asset.
Auditability. The solver can show which code path authorized or denied a movement of funds, turning key management from an operational promise into a verifiable control.

What a solver can prove

A mature solver stack should be able to show more than a transaction hash after the fact. It should be able to show why an action was allowed, why a risky action was denied, and which code path held authority over inventory.

Claim	Evidence
Inventory moved under policy	A fill, claim, withdrawal, or rebalance was authorized only after the required order, route, limit, and risk checks passed.
A denial was real	A risky or invalid request failed because the policy refused to sign, not because an operator happened to notice it.
The signer was constrained	The key could not be exported or used outside the allowed policy path, reducing hot-wallet and insider risk.
The execution path is auditable	The decision can be tied to code identity, chain state, and the specific cross-chain facts that were observed at signing time.

Questions worth asking

Whether you run solver inventory or depend on one, these are the questions that separate a controlled stack from a hopeful one — and the ones a policy-gated signing layer is built to answer.

If a bot server or API key is compromised, can it still move inventory — or does code gate every transfer first?
Can you prove a risky or invalid fill was denied, not just that nothing bad happened to occur?
Is inventory-moving authority separated from strategy and quoting, or does one hot key do everything?
Before a claim, withdrawal, or rebalance, what reconstructs source-chain truth — and what happens if it is wrong?
Could you show an auditor, a partner, or a user exactly which code path authorized a movement of funds?

Keep the speed. Lose the unconstrained key.

If you operate solver inventory across chains, we’ll walk your team through policy-gated signing — and a working vault you can fork today.

Book a solver security review

See the solver vault example

References

[1]Across docs, “Crosschain Intents” and intent architecture. link
[2]deBridge DLN documentation, protocol overview and order fulfillment flow. link
[3]Wormhole Settlement overview. link
[4]Squid Coral Intent Swaps and solver documentation. link
[5]UniswapX developer docs, overview and auction types. link
[6]CoW Protocol docs, solvers and fair combinatorial auction. link
[7]LI.FI architecture and quote API documentation. link
[8]Socket architecture and EIP-7683 documentation. link
[9]ERC-7683: Cross Chain Intents standard. link
[10]Chainalysis, “$2.2 Billion Stolen from Crypto Platforms in 2024” — 2024 stolen funds, centralized-service hacks, DMM Bitcoin and WazirX examples, and private-key compromise share. link
[11]TRM Labs, “$2.2 billion was stolen in crypto-related hacks in 2024” — threat-vector breakdown and private-key / seed-phrase compromise share. link
[12]TRM Labs, “Bybit Hack Update” — approximately $1.5B stolen and rapid laundering through DeFi and cross-chain services. link
[13]Lit Protocol v3 (Chipotle): TEE-based execution, on-chain key orchestration, and hardware attestation. link
[14]Lit solver vault example in the Chipotle repository. link

Informational only. This report summarizes public materials and first-pass research current to June 2026. Loss estimates vary by source and attribution method; the figures above are directional and should be read as evidence of the magnitude of key-management risk, not as a legal or forensic conclusion. The solver market is changing quickly; production details such as solver participation, custody, latency budgets, and standards support should be treated as implementation-specific and subject to change.